package com.xueqiu.movieplaymanagersystem.config;

import lombok.extern.slf4j.Slf4j;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import static com.xueqiu.movieplaymanagersystem.constant.configConstant.*;

/**
 * @author xueqiu
 */
@Slf4j
public class LoginInterceptor implements HandlerInterceptor {
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
    }

    /**
     * 对登录请求和“需要登录后才能使用的请求”进行预处理
     *
     * @param request  request
     * @param response response
     * @param handler  handler
     * @return 是否放行，true为放行
     * @throws Exception Exception
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        //获取请求的URL
        String requestURI = request.getRequestURI();
        //获取当前会话的对象
        HttpSession session = request.getSession();
        //如果请求的URL为空，返回false
        if (StringUtils.isEmpty(requestURI)) {
            return false;
        }
        /*
        对登录页面请求放行；
        注意“登陆页面请求”与“登录请求”是两种概念！
        从“登陆页面请求”到达“登陆页面”，
        从“登陆页面”才能发送“登录请求”。
         */
        if (
                "/admin/login.html".equals(requestURI) ||
                        "/admin/login.html/".equals(requestURI) ||
                        "/admin/getKey".equals(requestURI)
        ) {
            return true;
        }

        //拦截登录的相关请求(以/admin/login开头)
        if (requestURI.contains("/admin/login")) {
            //获得需要校验的用户名、密码、验证码
            String username = request.getParameter(REQUEST_USERNAME);
            String password = request.getParameter(REQUEST_PASSWORD);
            String code = request.getParameter(REQUEST_CAPTCHA);
            log.info("LoginInterceptor preHandle username password ----> {},{}",username,password);
            //判断非法请求类型
            if (!"post".equalsIgnoreCase(request.getMethod())) {
                request.setAttribute(REQUEST_MSG, RESPONSE_MSG_ERROR_1);
                //进行转发操作
                request.getRequestDispatcher("/admin/login.html").forward(request, response);
                return false;
            //如果用户的登录请求没有带任何的参数，那么就提示非法访问
            } else if (
                    StringUtils.isEmpty(username) ||
                            StringUtils.isEmpty(password) ||
                            StringUtils.isEmpty(code)
            ) {
                request.setAttribute(REQUEST_MSG, RESPONSE_MSG_ERROR_2);
                request.getRequestDispatcher("/admin/login.html").forward(request, response);
                return false;
            } else {
                return true;
            }
        }

        //拦截后台管理的相关请求(以/admin开头并且不是/admin/login)，判断用户是否有权限进入后台
        if (requestURI.contains("/admin") && requestURI.indexOf("/admin") == 0) {
            Object admin = session.getAttribute(ATTRIBUTE_USER);
            if (admin == null) {
                request.setAttribute(REQUEST_MSG, RESPONSE_MSG_ERROR_3);
                request.getRequestDispatcher("/admin/login.html").forward(request, response);
                return false;
            }
        }
        return true;
    }
}
